Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Fast-XML-Parser for Root:npm: Uncontrolled XML Input Can Cause Crash
ROOT-APP-NPM-CVE-2026-33036
Summary
A security issue in the Fast-XML-Parser library used by Root:npm can cause the application to crash if it processes malformed XML input. This could potentially lead to a denial of service. Update to a patched version of the library to fix the issue.
What to do
- Update rootio @rootio/fast-xml-parser to version 4.4.1-root.io.6.
- Update rootio @rootio/fast-xml-parser to version 5.3.6-root.io.3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/fast-xml-parser | <= 4.4.1-root.io.6 | 4.4.1-root.io.6 |
| rootio | @rootio/fast-xml-parser | <= 5.3.6-root.io.3 | 5.3.6-root.io.3 |
Original title
CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root
Original description
Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 29 Mar 2026